CVE-2021-23422: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

August 30, 2021

This affects the package bikeshed This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output.

References

github.com/advisories/GHSA-87cj-px37-rc3x
github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd
nvd.nist.gov/vuln/detail/CVE-2021-23422
snyk.io/vuln/SNYK-PYTHON-BIKESHED-1537646

Detect and mitigate CVE-2021-23422 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →